<?php

// do_action.php
// in members section (user-level actions)

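	// Hide any diagnostics raised by session_start() itself, then report fatal
	// errors only (1 is the numeric value of E_ERROR). Warnings and notices,
	// including undefined-index notices on request data, stay hidden below.
	error_reporting(0);
	session_start();
	error_reporting(1);

	// This script acts on behalf of the logged-in member (see the file header).
	// Stop before touching the database when the session does not identify one:
	// without this guard $username and $id would be NULL and every query below
	// would run with an empty id.
	if (!isset($_SESSION['username'], $_SESSION['id']))
	{
		header("HTTP/1.1 403 Forbidden");
		exit;
	}

	require_once "../common/PinSQL.obj";
	$pinSQL = new PinSQL();

	// Identity of the caller. Both values come from the server-side session,
	// never from the request.
	$username = $_SESSION['username'];
	$id = $_SESSION['id'];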

	
	switch ($_GET['actionname'])
	{
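		case "taggedusers":

			// Rewrites the caller's tagged_users list, keeping only the entries whose
			// flag in POST 'tagarray' is set. Flags are matched to the stored list by
			// position. Prints "1" when done.
			// NOTE(review): state-changing request with no anti-CSRF token visible
			// in this file.

			$pinSQL->Query("SELECT * FROM memberdata WHERE id='$id'");
			$row = $pinSQL->FetchNextRow();

			$taggedUsers = explode( ",", $row['tagged_users'] );

			// A missing or non-string 'tagarray' is treated as "no flags set".
			$tagFlags = (isset($_POST['tagarray']) && is_string($_POST['tagarray'])) ? $_POST['tagarray'] : "";
			$isTaggedArray = explode( ",", $tagFlags );

			$keptUsers = array();

			foreach ($taggedUsers as $i => $taggedUser)
			{
				// Positions beyond the end of the flag list count as "not tagged"
				// instead of reading an undefined index. Empty names are dropped so
				// the list never gains stray separators.
				if ($taggedUser !== "" && !empty($isTaggedArray[$i]))
				{
					$keptUsers[] = $taggedUser;
				}
			}

			// implode() places separators correctly even when a kept name is "0",
			// which the previous truthiness test on the partial string did not.
			$newOutput = implode(",", $keptUsers);

			// NOTE(review): $newOutput is rebuilt from stored names and interpolated
			// into the statement unescaped. PinSQL's parameter-binding or escaping
			// support is not visible from this file; bind the value as a parameter
			// (or escape it with the driver's own function) inside PinSQL.
			$pinSQL->Query("UPDATE memberdata SET tagged_users='$newOutput' WHERE id='$id'");

			echo "1";

			break;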

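		case "taguser":

			// Adds GET 'user' to the caller's comma-separated tagged_users list,
			// e-mails that user a notification, then returns to the referring page.
			// NOTE(review): state-changing GET request with no anti-CSRF token
			// visible in this file.

			// The stored list is comma-delimited, so an empty, non-string or
			// comma-containing name would corrupt it. Refuse such requests.
			// NOTE(review): nothing here confirms that $touser is an existing member.
			$touser = isset($_GET['user']) ? $_GET['user'] : "";
			if (!is_string($touser) || $touser === "" || strpos($touser, ",") !== false)
			{
				exit;
			}

			$pinSQL->Query("SELECT * FROM memberdata WHERE id='$id'");
			$row = $pinSQL->FetchNextRow();

			$taggedUsers = $row['tagged_users'];

			// Tagging the same user again would store a duplicate entry and send a
			// second notification, so both are skipped when the name is already listed.
			$alreadyTagged = in_array($touser, explode(",", (string) $taggedUsers), true);

			if (!$alreadyTagged)
			{
				// Compare against "" explicitly: a list consisting of the name "0" is
				// falsy and would otherwise be joined without a separator.
				if ((string) $taggedUsers !== "")
				{
					$taggedUsers .= ",";
				}

				$taggedUsers .= $touser;

				// NOTE(review): the comma check above is list hygiene, not SQL escaping.
				// $taggedUsers still carries request data into this statement by string
				// interpolation. PinSQL's parameter-binding or escaping support is not
				// visible from this file; bind the value as a parameter (or escape it
				// with the driver's own function) inside PinSQL.
				$pinSQL->Query("UPDATE memberdata SET tagged_users='$taggedUsers' WHERE id='$id'");

				// email notification
				$realname = $pinSQL->GetUserField($username, "firstname") . " " . $pinSQL->GetUserField($username, "lastname");
				if ($realname == " ")
					$realname = $username;
				$subject = "$realname tagged you on The Pin Project...";
				$sex = $pinSQL->GetUserdataField($username, "sex");
				$messageEmail = "$realname added you to " . (($sex=="f") ? "her" : "his") . " list of tagged users. "
				. "This means " . (($sex=="f") ? "she" : "he") . " will now see your recent activity on "
				. (($sex=="f") ? "her" : "his") . " home page."
				. "\n\n___________________________________"
				. "\nVisit the Pin Project: http://www.pinproject.com"
				. "\nYou are receiving this message because e-mail notifications are turned on. You can turn them off in your profile settings.";

				// email_notify.php runs in this scope; presumably it reads $touser,
				// $subject and $messageEmail.
				// NOTE(review): that file is not visible here. Confirm it resolves
				// $touser to an address server-side and strips CR/LF from $subject
				// before building mail headers.
				include "email_notify.php";
			}

			if ($_GET['referrer'] == "viewusers")
			{
				include "gen_users.php";
			} else {
				// NOTE(review): 'referrer' is copied into the Location header as-is.
				// The target stays on frame.php, but the caller controls the rest of
				// the query string. Prefer checking it against a fixed list of page names.
				header ("Location: frame.php?page=" . $_GET['referrer']);
			}

			break;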
			
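		case "untaguser":

			// Removes GET 'user' from the caller's comma-separated tagged_users list,
			// then returns to the referring page.
			// NOTE(review): state-changing GET request with no anti-CSRF token
			// visible in this file.

			$pinSQL->Query("SELECT * FROM memberdata WHERE id='$id'");
			$row = $pinSQL->FetchNextRow();

			$taggedUsers = explode( ",", $row['tagged_users'] );

			$untagTarget = (isset($_GET['user']) && is_string($_GET['user'])) ? $_GET['user'] : "";

			$keptUsers = array();

			foreach ($taggedUsers as $taggedUser)
			{
				// Strict string comparison: with != two different numeric-looking
				// names (for example "007" and "7") compare equal, so untagging one
				// would also remove the other. Empty entries are dropped.
				if ($taggedUser !== "" && $taggedUser !== $untagTarget)
				{
					$keptUsers[] = $taggedUser;
				}
			}

			// implode() places separators correctly even when a kept name is "0".
			$newOutput = implode(",", $keptUsers);

			// NOTE(review): $newOutput is rebuilt from stored names and interpolated
			// into the statement unescaped. PinSQL's parameter-binding or escaping
			// support is not visible from this file; bind the value as a parameter
			// (or escape it with the driver's own function) inside PinSQL.
			$pinSQL->Query("UPDATE memberdata SET tagged_users='$newOutput' WHERE id='$id'");

			if ($_GET['referrer'] == "viewusers")
			{
				include "gen_users.php";
			} else {
				// NOTE(review): 'referrer' is copied into the Location header as-is.
				// The target stays on frame.php, but the caller controls the rest of
				// the query string. Prefer checking it against a fixed list of page names.
				header ("Location: frame.php?page=" . $_GET['referrer']);
			}

			break;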
			
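		case "tagall":

			// Replaces the caller's tagged_users list with the username of every row
			// in members, then redirects to the tagged-users page.
			// NOTE(review): state-changing GET request with no anti-CSRF token
			// visible in this file.

			$pinSQL->Query("SELECT * FROM members");

			$id = $_SESSION['id'];

			$allUsernames = array();

			while ( $row = $pinSQL->FetchNextRow() )
			{
				$allUsernames[] = $row['username'];
			}

			// implode() places separators correctly even when a username is "0",
			// which the previous truthiness test on the partial string did not.
			$taggedUsers = implode(",", $allUsernames);

			// NOTE(review): the usernames are stored values interpolated into the
			// statement unescaped. PinSQL's parameter-binding or escaping support is
			// not visible from this file; bind the value as a parameter (or escape it
			// with the driver's own function) inside PinSQL.
			$pinSQL->Query("UPDATE memberdata SET tagged_users='$taggedUsers' WHERE id='$id'");

			header ("Location: frame.php?page=taggedusers");

			break;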
			
		case "untagall":

			// Empties the caller's tagged_users list and redirects to the
			// tagged-users page.
			// NOTE(review): state-changing GET request with no anti-CSRF token
			// visible in this file.
			$id = $_SESSION['id'];

			// Only the session-derived id is interpolated into this statement.
			$clearTagsSql = "UPDATE memberdata SET tagged_users='' WHERE id='$id'";
			$pinSQL->Query($clearTagsSql);

			header ("Location: frame.php?page=taggedusers");

			break;
			
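		case "search":

			// Prints an HTML fragment listing members whose username or real name
			// contains POST 'query'. Outside "suggestions" mode it also lists songs,
			// pictures and blog entries whose name matches. In "suggestions" mode
			// member links call the page's setUser() instead of opening a profile.
			$mode = isset($_POST['mode']) ? $_POST['mode'] : "";
			$query = isset($_POST['query']) ? $_POST['query'] : "";
			if (!is_string($query) || !$query) { exit; }

			// NOTE(review): $query is request data placed directly inside every LIKE
			// pattern below. PinSQL's parameter-binding or escaping support is not
			// visible from this file; bind the pattern as a parameter (or escape it
			// with the driver's own function) inside PinSQL.

			// All values printed below are member-supplied data read back from the
			// database, so each is escaped for the context it lands in: URL-encoded
			// inside query strings, HTML-escaped at the point of output.
			// NOTE(review): htmlspecialchars() uses PHP's default charset here;
			// confirm it matches the page encoding.

			$pinSQL->Query("SELECT * FROM members WHERE username LIKE '%$query%'");
			while ( $row = $pinSQL->FetchNextRow() )
			{
				$link = "frame.php?page=profile&user=" . urlencode((string) $row['username']);
				if ($mode == "suggestions")
				{
					// The name becomes a JavaScript string inside a javascript: URL.
					// It is JSON-encoded as a JS literal, then percent-encoded because
					// browsers percent-decode javascript: URLs before running them.
					$link = "javascript:setUser(" . rawurlencode(json_encode((string) $row['username'])) . ")";
				} ?>
<img src="/img/user_incoming_tag.png" /> <a href="<?php echo htmlspecialchars($link, ENT_QUOTES); ?>"><?php echo htmlspecialchars((string) $row['username'], ENT_QUOTES); ?></a>
<br />
<?php		}

			$pinSQL->Query("SELECT * FROM members WHERE firstname LIKE '%$query%' OR lastname LIKE '%$query%'");
			while ( $row = $pinSQL->FetchNextRow() )
			{
				$link = "frame.php?page=profile&user=" . urlencode((string) $row['username']);
				if ($mode == "suggestions")
				{
					// Same layered encoding as in the username loop above.
					$link = "javascript:setUser(" . rawurlencode(json_encode((string) $row['username'])) . ")";
				} ?>
	<img src="/img/user_incoming_tag.png" /> <a href="<?php echo htmlspecialchars($link, ENT_QUOTES); ?>"><?php echo htmlspecialchars((string) $row['username'], ENT_QUOTES); ?> (<?php echo htmlspecialchars($row['firstname'] . " " . $row['lastname'], ENT_QUOTES); ?>)</a>
	<br />
	<?php	}

			if ($mode != "suggestions")
			{
				// The three media listings differ only in table, icon and portal page.
				// These are fixed literals, never request data.
				$mediaSections = array(
					array("songdata", "/img/icons/song_sm.png", "/common/gallery/portal_music.php"),
					array("picturedata", "/img/icons/picture_sm.png", "/common/gallery/portal_pictures.php"),
					array("blogdata", "/img/icons/entry_sm.png", "/common/gallery/portal_blog.php"),
				);

				foreach ($mediaSections as $mediaSection)
				{
					list($mediaTable, $mediaIcon, $mediaPortal) = $mediaSection;

					$pinSQL->Query("SELECT * FROM $mediaTable WHERE name LIKE '%$query%'");
					while ( $row = $pinSQL->FetchNextRow() )
					{ ?>
		<img src="<?php echo $mediaIcon; ?>" /> <a href="<?php echo $mediaPortal; ?>?dest=<?php echo htmlspecialchars(urlencode((string) $row['id']), ENT_QUOTES); ?>"><?php echo htmlspecialchars((string) $row['name'], ENT_QUOTES); ?></a>
		<br />
		<?php		}
				}
			}

			break;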
		
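		case "deletemedia":

			// Deletes one of the caller's own uploads: the stored file, its thumbnail
			// when GET 'type' is "pictures", and the database row. It then
			// regenerates the uploads listing. Exits silently when the row is missing
			// or belongs to another member.
			// NOTE(review): destructive GET request with no anti-CSRF token visible
			// in this file.

			$type = isset($_GET['type']) ? $_GET['type'] : "";
			$id = isset($_GET['id']) ? $_GET['id'] : "";

			// $id is interpolated into the SELECT and DELETE below, so only plain
			// decimal digits are accepted.
			// NOTE(review): assumes media ids are numeric keys; confirm against the
			// schema. If they are not, bind or escape the value inside PinSQL instead.
			if (!is_string($id) || !preg_match('/^[0-9]+\z/', $id))
			{
				exit;
			}

			$site_root = "../";
			require_once $site_root . "common/gallery/Gallery_new.obj";
			// Creates a $gallery object which we can use for table names and other
			// specifics.
			// NOTE(review): setupGallery.php is not visible here. Confirm it maps the
			// request's type to a fixed set of galleries, because $gallery->dataTable
			// is used as a table name and $gallery->containerPath as a directory below.
			include $site_root . "common/gallery/setupGallery.php";

			$pinSQL->Query("SELECT * FROM $gallery->dataTable WHERE id='$id'");
			$row = $pinSQL->FetchNextRow();

			if (!$row)
			{
				// no such upload
				exit;
			}

			$artist = $row['artist'];

			// Strict string comparison: with != two different numeric-looking
			// usernames can compare equal, and a missing artist would match a missing
			// session username.
			if ((string) $artist === "" || (string) $artist !== (string) $username)
			{
				// trying to delete the files of another user
				exit;
			}

			// Resolve the owner's container directory once. A file is removed only
			// when its resolved path is a regular file inside that directory, so a
			// stored name containing parent-directory segments cannot reach files
			// elsewhere.
			$containerDir = realpath($site_root . "members/userData/$artist/$gallery->containerPath");

			$filename = $row['filename'];
			$storedNames = array($filename);

			// Comparison, not assignment. The previous "$type = ..." was always true
			// and attempted the thumbnail delete for every media type.
			// NOTE(review): files included after this point now see the request's
			// $type where they used to see "pictures".
			if ($type == "pictures")
			{
				// also delete thumbnail
				$thumbFilename = $row['thumburl'];
				$storedNames[] = $thumbFilename;
			}

			foreach ($storedNames as $storedName)
			{
				$fullPath = realpath($site_root . "members/userData/$artist/$gallery->containerPath/$storedName");
				if ($containerDir !== false
					&& $fullPath !== false
					&& strpos($fullPath, $containerDir . DIRECTORY_SEPARATOR) === 0
					&& is_file($fullPath))
				{
					unlink($fullPath);
				}
			}

			$pinSQL->Query("DELETE FROM $gallery->dataTable WHERE id='$id'");

			include "gen_myuploads.php";

			break;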

			
	}



?>